4 Answers
4

If you run a given hash algorithm across a given file you will always get a given value as a result.

The only way you can get multiple hash values for a given file is by using a different algorithm (SHA-2 instead of MD5 for example)

It is common for malware to attempt to avoid detection by adding arbitrary data to the end of copies, making the hash of each copy unique. But note that in this case each copy of the malware will still only have one hash.

When you talk about malware, most of the time there are multiple variants of the same malware.. The working of the malware, the exploit, the payload/shell are all the same. Only a few instructions are changed for the purpose of either avoiding detection or communicating with a different command and control centre. Therefore, a single variant of a family of malware will always have one single hash (or signature). If you are talking about different variants of a single family of malware, then every single one will have a different hash value.

A malware file can have different hash value at different intervals of time. As the malware operates automatically , the hash value of the file may change consequent to any change in the file. However, if the data remains write protect, no change would take place and the hash value of the malware file would also remain the same.